Knox VPN SDK

Overview

Protecting and auditing enterprise network traffic is a challenge for all organizations, and one that can directly affect any company’s bottom line. Creating a solution to this challenge can be difficult without extensive coordination between IT departments and Mobile Device Management (MDM) vendors.

The Knox SDKs simplify the process of creating a solution by providing the means to build tools such as Virtual Private Network (VPN) clients, split-billing clients, and bandwidth optimizers. Using Knox SDKs ensures that your software can be deployed quickly on a fleet of enterprise-ready Knox devices. Broad MDM support of Samsung’s Knox interfaces reduces the risk of compatibility issues, which means that your software can be quickly adopted and managed across multiple devices.

Many services can use the Knox VPN Service SDK, but it's most commonly used to build VPN client solutions. Virtual Private Networks are a common tool used by today's mobile workforce. Any organization with remote workers who need to transmit sensitive data over the Internet can use VPNs to secure their communications using protocols such as IPsec and SSL.

Some examples of VPN services that were built using the Knox VPN Service SDK include: F5 Edge, Pulse Secure (Juniper JunOS Pulse), Cisco AnyConnect, and Android VPN for Knox (StrongSwan). You can use the Knox VPN Service SDK to build your own VPN service or adapt an existing VPN service to run over our industry-leading secure Knox platform.

How it works

The diagram above highlights three types of apps that the Knox VPN framework supports:

VPN client apps — You can use the Knox VPN Service SDK to develop a VPN client or other networking solution that provides a VPN to users. You can distribute your software privately to enterprises or publicly through an app store like Google Play or this SEAP website. Enterprise IT admins can then install and manage your software on their corporate devices.

MDM apps — You can use an MDM app to push a VPN configuration to a user. You can work with MDM vendors to have them support your solution in their product, or you can use the Knox Standard and/or Knox Premium SDKs to create your own MDM software to control mobile device management policies. For example, you can use the Knox SDKs to configure your VPN client to control which apps use its VPN tunnels when transmitting data.

Enterprise apps — You can create apps that always use a VPN connection to transmit data between the device and the enterprise. Having the app request a VPN tunnel ensures that all data is encrypted and transmitted via a secure connection.

The Knox VPN Service SDK provides the IknoxVpnService.aidl file, which defines a set of interfaces that you can implement to support communication between VPN client apps and the Knox VPN Framework. For example, to allow an MDM to configure your VPN client, you must implement the appropriate interfaces from the AIDL file.